CVE-2024-51890

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Nov 19, 2024
CWE ID 79

Summary

CVE-2024-51890 is a Cross-site Scripting (XSS) vulnerability affecting the Geoportail Shortcode from version n/a to 2.4.4. The issue stems from improper neutralization of user input during web page generation. An attacker can exploit this flaw to inject malicious scripts into a vulnerable website, potentially stealing user data or gaining unauthorized access. This stored XSS vulnerability poses a significant risk to websites utilizing the Geoportail Shortcode and should be addressed promptly through an update to a patched version.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share